IPTABLES: Egress packet/port filtering

From: Shane R. Spencer <shane@tdxnet.com>
Date: Tue Jun 06 2006 - 09:58:09 AKDT

Yo..

So, I operate a few hotspots and am having some wonderful issues with
some very hostile customers staying at a hotel we provide wireless
Internet access for. It is free and we have public IPs for all
wireless clients staying at the hotel, which I am starting to think was
a stupid idea; however, older VPN implementations almost required it in
order to keep support requests to a minimum.

I am hoping to block all but pop/imap/smtp (filtered via
clamsmtp)/http (transparent squid)/VPNs and drop everything else. I
found a few helpful links including this one:

http://www.enterprisenetworkingplanet.com/netsysm/article.php/2168251

At this point I just need a little advice on the dos and don'ts of this
kind of situation.

Should I block *all* ingress forwarded traffic if I don't want
folks hosting web servers during their long stay at the hotel, not to
mention p2p traffic?

Should I block all egress high ports 1024:65535 unless they are somehow
related to traffic? I am unsure of how that works.

Shane
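
A default-deny FORWARD policy of the kind the post asks about, as an added example that is not part of the original message: connection tracking accepts replies to flows a client opened, so high ports need no rule of their own and unsolicited inbound connections fall to the DROP policy. The interface names, the 203.0.113.0/24 client network, the DNS rules and the VPN protocol set are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Default-deny FORWARD policy for a
# gateway routing public-IP hotspot clients. Interface names, client network,
# the DNS rules and the VPN protocol list are assumptions.
# Dry run: IPT="echo iptables" prints each rule instead of applying it.
IPT=${IPT:-iptables}

apply_forward_policy() {
    client_if=${1:-wlan0}             # assumed client-side interface
    uplink_if=${2:-eth0}              # assumed uplink interface
    client_net=${3:-203.0.113.0/24}   # constructed documentation range
    tcp_ports=${4:-25,80,110,143}     # smtp, http, pop3, imap (from the post)

    $IPT -F FORWARD
    $IPT -P FORWARD DROP              # anything not matched below is dropped

    # Replies to flows a client opened, plus related traffic such as ICMP
    # errors, are accepted by state; this is what covers high ports
    # 1024:65535 without opening them. Unsolicited inbound connections to a
    # client (a hosted web server, inbound p2p) never match and hit the policy.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m conntrack --ctstate INVALID -j DROP

    # Common prefix: only NEW flows leaving the client network via the uplink.
    set -- -A FORWARD -i "$client_if" -o "$uplink_if" -s "$client_net" \
           -m conntrack --ctstate NEW
    $IPT "$@" -p tcp -m multiport --dports "$tcp_ports" -j ACCEPT
    $IPT "$@" -p udp --dport 53 -j ACCEPT      # DNS (assumed to be needed)
    $IPT "$@" -p tcp --dport 53 -j ACCEPT
    # VPNs (assumed set): IKE, NAT-T, OpenVPN, ESP, PPTP control, GRE
    $IPT "$@" -p udp -m multiport --dports 500,4500,1194 -j ACCEPT
    $IPT "$@" -p esp -j ACCEPT
    $IPT "$@" -p tcp --dport 1723 -j ACCEPT
    $IPT "$@" -p gre -j ACCEPT

    # Rate-limited log of what reaches the DROP policy, for tuning the list.
    $IPT -A FORWARD -m limit --limit 6/min -j LOG --log-prefix "hotspot-drop: "
}

# Apply only when asked to, so sourcing the file changes nothing.
if [ "${1:-}" = "--apply" ]; then apply_forward_policy; fi
```

Ports that are transparently redirected to squid or clamsmtp on the gateway itself are delivered through INPUT, so their FORWARD entries only matter when the proxy runs on another host.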

Received on Tue Jun 6 09:58:27 2006